On March 7, 2025, the Office of the Comptroller of the Currency (“OCC”) released Interpretive Letter 1183, marking a pivotal change in regulatory guidance for national banks and federal savings associations engaging in cryptocurrency activities. This recent directive, issued under Acting Comptroller Rodney Hood, rescinds the requirements set by Interpretive Letter 1179 from November
On February 20, 2025, the Office of the Comptroller of the Currency (“OCC”) announced that they had entered into a formal agreement with Patriot Bank, National Association (“Patriot Bank”), following a comprehensive examination that identified several regulatory deficiencies and unsafe banking practices.
Key Takeaways
Brink’s Global Services USA (“BGS USA”), a global leader in secure logistics, found itself at the center of a significant regulatory investigation due to its failure to meet anti-money laundering (“AML”) obligations. Specifically, BGS USA was found to have violated several provisions of the Bank Secrecy Act (“BSA”), leading to actions by both the U.S.
In a closely watched and complicated case, Van Loon et al. v. Dep’t of the Treasury et al., the U.S. Court of Appeals for the Fifth Circuit ruled that the Office of Foreign Assets Control (“OFAC”) cannot sanction Tornado Cash, “an open-source, crypto-transactions software protocol that facilitates anonymous transactions by obfuscating the origins and destinations of digital asset transfers.” The opinion, which reversed the ruling of the District Court, is here. A recording of the oral argument is here. The opinion is complex but written in a very clear style.
We previously blogged on OFAC’s designation of Tornado Cash (here) and the resulting civil suit (here). We also covered the indictment returned against the alleged developers of Tornado Cash, Roman Storm and Roman Semenov, who were charged with conspiring to commit money laundering, operating an unlicensed money transmitting business, and violating sanctions under the International Emergency Economic Powers Act, or IEEPA (here). The DOJ subsequently obtained a superseding indictment against Storm only (here); Storm’s trial currently is scheduled for April 2025). When the initial indictment was unsealed, Treasury simultaneously sanctioned Semenov, who remains outside the U.S., by adding him to OFAC’s Specially Designated Nationals and Blocked Persons (“SDN”) List.
These actions are a reminder that, putting aside the complex issues presented by the Fifth Circuit decision regarding OFAC’s (in)ability to sanction a technology, law enforcement and regulators still can pursue people for related alleged conduct. And, invariably, people are involved in a technology.
Continue Reading Fifth Circuit Rejects OFAC Designation of Tornado Cash Immutable Smart Contracts
On October 22, 2024, the U.S. Court of Appeals for the Second Circuit ruled that Türkiye Halk Bankası A.Ş. (“Halkbank”), owned by the Republic of Turkey, can be prosecuted for allegedly helping Iran evade U.S. sanctions and committing related money laundering and bank fraud.
The court rejected Halkbank’s claim of immunity, stating that foreign state-owned companies are not protected from prosecution for commercial, non-governmental activities under U.S. common law. This decision allows U.S. prosecutors to pursue charges against Halkbank for allegedly laundering $20 billion of restricted funds through the use of money services businesses and front companies, coupled with the making of false statements to the U.S. Department of the Treasury regarding transactions with Iran to conceal the scheme.
The Second Circuit’s ruling underscores a pivotal point: foreign state-owned corporations cannot claim blanket immunity from prosecution in the U.S. for commercial activities under either the common law or the Foreign Sovereign Immunities Act (“FSIA”). This will be particularly true in cases involving charges of money laundering, which necessarily involve financial transactions. Further, the alleged involvement of foreign government officials in the charged schemes will not bestow, standing alone, immunity from prosecution.
Continue Reading Halkbank Faces Prosecution: U.S. Court of Appeals Denies Sovereign Immunity
On August 27, 2024, the New York State Department of Financial Services (“NYDFS”) announced a consent order involving a $35 million settlement with Nordea Bank Abp (“Nordea”) for alleged significant failures related to anti-money laundering (“AML”) compliance. Nordea, headquartered in Helsinki, Finland, operates globally, including through a licensed branch in New York, which has its own AML and transaction monitoring requirements.
The enforcement action, which followed revelations from the Panama Papers leak, found that Nordea allegedly failed to conduct proper due diligence on high-risk correspondent banking relationships and maintained inadequate AML controls. According to the NYDFS, the Panama Papers implicated Nordea in aiding clients in establishing offshore shell companies in order to facilitate illicit activities.
The consent order alleges that Nordea violated New York law by allowing compliance failures in its AML program and procedures to persist. Meanwhile, Danish officials recently charged Nordea with repeatedly violating Denmark’s anti-money laundering act between 2012 and 2015, thereby exposing Nordea, potentially, to extremely significant fines. As we will discuss, although the consent order implicates many different issues, the NYDFS enforcement action represents, in part, the latest chapter in the continued fall-out from the massive AML scandal involving Dankse Bank. The consent order also highlights, once again, the particular risks posed by correspondent banking relationships, on which we repeatedly have blogged (for example, here, here, and here).
On June 20, 2024, the Financial Crimes Enforcement Network (“FinCEN”) issued a supplemental advisory to alert U.S. financial institutions about emerging trends in the illicit fentanyl supply chain. The supplemental advisory emphasized the increasing involvement of Mexico-based transnational criminal organizations (“TCOs”) in the procurement of fentanyl precursor chemicals and manufacturing equipment from suppliers in the People’s Republic of China (“PRC”).
The detailed supplemental advisory builds upon FinCEN’s 2019 advisory (see our blog post here) by introducing new typologies and red flags for financial institutions to try to identify and report suspicious transactions. As we discuss, the supplemental advisory was accompanied by related actions by the U.S. Department of the Treasury’s Office of Foreign Assets Control (“OFAC”) and the U.S. Department of Justice (“DOJ”) as part of an apparently coordinated effort by the federal government to combat this pernicious illicit industry.
On May 3, 2024, the Board of Governors of the Federal Reserve System (the “Federal Reserve”), the Federal Deposit Insurance Corporation (“FDIC”), and the Office of the Comptroller of the Currency (“OCC”) jointly released the “Third-Party Risk Management: A Guide for Community Banks” (the “Guide”), presenting it as a resource for community banks to bolster their third-party risk management programs, policies, and practices.
The Guide serves as a companion to the Interagency Guidance on Third-Party Relationship: Risk Management issued in June 2023 (on which we blogged, here). It also relates to the OCC’s Fall 2023 Semiannual Risk Perspective, which emphasizes the need for banks to maintain prudent risk management practices – including practices tailored to address Bank Secrecy Act (“BSA”)/Anti-Money Laundering (“AML”) compliance risks with respect to fintech relationships.
The Guide acknowledges the widespread collaborations between community banks and third-party entities, and recognizes the strategic importance for such partnerships to improve competitiveness and adaptability. These collaborations provide community banks with access to a diverse array of resources, such as new technologies, risk management tools, skilled personnel, delivery channels, products, services, and market opportunities.
However, the Guide underscores that reliance on third parties entails a loss of direct operational control, thereby exposing community banks to a spectrum of risks. Banks are still accountable for executing all activities in compliance with applicable laws and regulations. “These laws and regulations include . . . those designed to protect consumers (such as fair lending laws and prohibitions against unfair, deceptive, or abusive acts or practices) and those addressing financial crimes (such as fraud and money laundering).” Accordingly, the Guide emphasizes that the engagement of third parties does not absolve a bank of its responsibility to operate in a safe and sound manner and to comply with regulatory requirements, “just as if the bank were to perform the service or activity itself.” The Guide sets forth this concept in bold, on the first page.
The Guide’s emphasis on governance practices highlights the critical role of oversight, accountability, and documentation in ensuring regulatory compliance and safeguarding the interests of both banks and their customers. Although the Guide styles itself as offering a framework tailored to the specific needs and challenges faced by community banks, it also offers direction to all financial institutions in regards to effective third-party risk management.
It is challenging for law enforcement to track down and trace illicit activities conducted through digital currencies. The process can be very time- and resource-intensive. Further, securing charges and arrests, and subsequent convictions, often requires the strong support of traditional sources of evidence, such as fact witness testimony and electronic communications. Nonetheless, blockchain analytics is a key component of the government’s ability to pursue such cases.
On March 12, a jury in the United States District Court for the District of Columbia found Roman Sterlingov guilty on charges of money laundering conspiracy, so-called “sting” money laundering, operating an unlicensed money transmitting business, and violations of the D.C. Money Transmitters Act. We blogged about the initial criminal complaint issued against Sterlingov here. Sterlingov allegedly laundered $400 million through Bitcoin Fog, a bitcoin mixing service which can be used to obscure the origins of cryptocurrency transactions.
Shortly before the trial and guilty verdicts, the Court issued an order addressing the admissibility of expert testimony related to blockchain analysis software under the factors established by the Supreme Court’s decision in Daubert v. Merrell Dow Pharmaceuticals, Inc. to assess the reliability of expert testimony under Federal Rule of Evidence 702. This blog post focuses on that order.
Specifically, the Court addressed proprietary software used by the private digital asset forensic firm Chainalysis, Chainalysis Reactor (“Reactor”), and whether expert testimony by witnesses propounded by the government – Luke Scholl (“Scholl”) from the FBI, and Elizabeth Bisbee (“Bisbee”) from Chainalysis – could rely upon Reactor under Daubert. Reactor is a software used to dissect bitcoin transactions, utilizing techniques like co-spend analysis to connect multiple addresses to a single entity. The defense raised significant concerns about the reliability of Reactor.
The Court found the expert testimony admissible under Daubert. Importantly, the Court also noted that while Reactor was important to the government’s case, it was not the sole basis for the prosecution’s theories. Other evidence, such as materials found in Sterlingov’s possession, online forum posts, IP analyses, and traditional blockchain tracing, also supported the prosecution.
The Court’s decision has potentially significant implications for future cases involving cryptocurrency transactions and digital currency-related crimes. It establishes a precedent regarding the potential admissibility of evidence derived from such software tools and underscores the evolving challenges and complexities of investigating financial crimes in the digital age.
Continue Reading Blockchain Analysis and Related Expert Testimony Admissible In Criminal Trial
The Financial Crimes Enforcement Network (“FinCEN”) recently released a Financial Trend Analysis (“FTA”) focusing on identity-related suspicious activity. The FTA was issued pursuant to section 6206 of the Anti-Money Laundering Act of 2020, which requires FinCEN to periodically publish threat pattern and trend information derived from BSA filings.
FinCEN examined information from Bank Secrecy Act (“BSA”) filings submitted in the 2021 calendar year. According to FinCEN’s analysis, 1.6 million “BSA filings” – presumably, the vast majority of which constituted Suspicious Activity Reports (“SARs”) – were identity-related, representing a total of $212 billion in suspicious activity. These filings constituted 42% of filings for that year, thereby meaning that approximately 3.8 million SARs were filed in 2021.
The descriptions and the explanations in the FTA necessarily turn on how the SAR filings chose to describe the suspicious activity at issue. This is presumably why most of the activity falls into the vague category of “general fraud” – because, apparently, this is the particular box on the SAR form which most of the SAR filers happened to choose. However, and we will describe, the activity in fact animating the vast majority of these SARs is some form of identity theft.
Continue Reading FinCEN Analysis Reveals $212 Billion in Identity-Related Suspicious Activity